[Zope] WEBDAV

sean.upton@uniontrib.com sean.upton@uniontrib.com
Fri, 23 Nov 2001 10:00:24 -0800 

Frankly, this one good reason you should consider the use of a proxy server
in front to Zope like Apache or Squid, which is the usual setup for
Production Zope deployments.  You use proxy ACLs to screen for certain
things, and can use an authenticator for things Zope doesn't authenticate
on, as long as you use the same user names and passwords, or user director
service.

That said, you can see object ids in folders, but nothing else using WebDAV.
You can also see the method objectIds callable via URL; if this concerns
you, a proxy ACL is a simple, graceful solution, to keep your object id
listings more obscure, and you should be able to setup ACLs for WebDAV and
for things like /objectIds.  You could bind an ACL to a authenticated user
for this, or bind it to a group of source addresses, or a particular
interface on the proxy server.

True security is almost always a proper integration issue.  Zope has strong
security, but comprehensive solutions in a production environment really
require the smart use of a reverse-proxy server / http-accelerator as a
front end.

Sean

-----Original Message-----
From: netadmin [mailto:netadmin@technifind.com]
Sent: Wednesday, November 21, 2001 5:49 PM
To: zope@zope.org
Subject: Re: [Zope] WEBDAV


I was using Webfolders under Windows 98 to access my webdav folder on a
linux server.  I found that I could access not only the directory ( and see
all the files listed ) but the actual contents without having to
authenticate [ scared the ? out of me ].  Is this standard?  

I double checked everything.  I disabled acquisition and all persons on the
anonymous user and I was still able to get to the contents of a file.


----- Original Message ----- 
From: sean.upton@uniontrib.com 
To: netadmin@technifind.com ; zope@zope.org 
Sent: Wednesday, November 21, 2001 6:37 PM
Subject: RE: [Zope] WEBDAV


It works; you need to specify the client you are trying to use, as some
clients are non-standard, or do funky things.  Most clients should work
without problem, AFAIK...

Sean
-----Original Message-----
From: netadmin [mailto:netadmin@technifind.com]
Sent: Wednesday, November 21, 2001 5:30 PM
To: zope@zope.org
Subject: [Zope] WEBDAV


Is webdav just pre-beta or what?  It just doesn't seem to be working right
at all.  Is there a Zope-Webdav tutorial or faq or something I can get my
hands on that might help me?

Thanks ahead of time for any help,
Luis.